[go: up one dir, main page]

WO2020101770A3 - Cross-domain solution using network-connected hardware root-of-trust device - Google Patents

Cross-domain solution using network-connected hardware root-of-trust device Download PDF

Info

Publication number
WO2020101770A3
WO2020101770A3 PCT/US2019/045608 US2019045608W WO2020101770A3 WO 2020101770 A3 WO2020101770 A3 WO 2020101770A3 US 2019045608 W US2019045608 W US 2019045608W WO 2020101770 A3 WO2020101770 A3 WO 2020101770A3
Authority
WO
WIPO (PCT)
Prior art keywords
network
cross
communication channel
hardware root
domain solution
Prior art date
Application number
PCT/US2019/045608
Other languages
French (fr)
Other versions
WO2020101770A2 (en
Inventor
Matthew C. Areno
Rex A. Nelson
Original Assignee
Raytheon Company
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Raytheon Company filed Critical Raytheon Company
Publication of WO2020101770A2 publication Critical patent/WO2020101770A2/en
Publication of WO2020101770A3 publication Critical patent/WO2020101770A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The concepts, systems and methods described herein are directed towards a security system. The system is provided to include a Hardware Root of Trust (HRoT) device comprising a processor and memory that is configured for connection and authentication to first and second host devices which are configured to communicate via a first communication channel having a first security level and a second communication channel having a second security level which is more secure than the first security level. The HRoT device is configured to: connect the first and second host devices via the second communication channel; and monitor the security of the first and second host devices over the second communication channel.
PCT/US2019/045608 2018-09-07 2019-08-08 Cross-domain solution using network-connected hardware root-of-trust device WO2020101770A2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201862728221P 2018-09-07 2018-09-07
US62/728,221 2018-09-07
US16/398,641 2019-04-30
US16/398,641 US11178159B2 (en) 2018-09-07 2019-04-30 Cross-domain solution using network-connected hardware root-of-trust device

Publications (2)

Publication Number Publication Date
WO2020101770A2 WO2020101770A2 (en) 2020-05-22
WO2020101770A3 true WO2020101770A3 (en) 2020-07-16

Family

ID=69719803

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2019/045608 WO2020101770A2 (en) 2018-09-07 2019-08-08 Cross-domain solution using network-connected hardware root-of-trust device

Country Status (2)

Country Link
US (1) US11178159B2 (en)
WO (1) WO2020101770A2 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020205497A1 (en) 2019-04-01 2020-10-08 Raytheon Company Root of trust assisted access control of secure encrypted drives
WO2020205507A1 (en) 2019-04-01 2020-10-08 Raytheon Company Adaptive, multi-layer enterprise data protection & resiliency platform
US11494216B2 (en) * 2019-08-16 2022-11-08 Google Llc Behavior-based VM resource capture for forensics
US11601277B1 (en) 2020-11-20 2023-03-07 Rockwell Collins, Inc. Domain isolated processing for coalition environments
EP4012586A1 (en) * 2020-12-10 2022-06-15 Nagravision S.A. System for actively monitoring and securing a compute- and data-intensive electronic device, corresponding method and computer program product
US11824866B2 (en) * 2021-02-05 2023-11-21 Cisco Technology, Inc. Peripheral landscape and context monitoring for user-identify verification
US11729161B1 (en) * 2022-12-15 2023-08-15 Citibank, N.A. Pre-built, pre-tested, and standardized connectors for end-to-end connection

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080307488A1 (en) * 2002-10-16 2008-12-11 Innerwall, Inc. Systems And Methods For Enterprise Security With Collaborative Peer To Peer Architecture
US20090204964A1 (en) * 2007-10-12 2009-08-13 Foley Peter F Distributed trusted virtualization platform
US9251343B1 (en) * 2013-03-15 2016-02-02 Fireeye, Inc. Detecting bootkits resident on compromised computers

Family Cites Families (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6473857B1 (en) 1999-12-06 2002-10-29 Dell Products, L.P. Centralized boot
US7260555B2 (en) 2001-12-12 2007-08-21 Guardian Data Storage, Llc Method and architecture for providing pervasive security to digital assets
US7478235B2 (en) 2002-06-28 2009-01-13 Microsoft Corporation Methods and systems for protecting data in USB systems
US6986041B2 (en) 2003-03-06 2006-01-10 International Business Machines Corporation System and method for remote code integrity in distributed systems
US20050138409A1 (en) 2003-12-22 2005-06-23 Tayib Sheriff Securing an electronic device
JP4447977B2 (en) 2004-06-30 2010-04-07 富士通マイクロエレクトロニクス株式会社 Secure processor and program for secure processor.
US20060026417A1 (en) 2004-07-30 2006-02-02 Information Assurance Systems L.L.C. High-assurance secure boot content protection
JP4361894B2 (en) 2005-09-15 2009-11-11 株式会社エヌ・ティ・ティ・ドコモ External memory management device and external memory management method
US8719585B2 (en) 2008-02-11 2014-05-06 Nvidia Corporation Secure update of boot image without knowledge of secure key
WO2010030157A1 (en) 2008-09-11 2010-03-18 Kong Pheng Lee A method of authentication of computer id for portable data storage devices
US20100250796A1 (en) 2009-03-27 2010-09-30 David Jevans Establishing a Secure Channel between a Server and a Portable Device
KR101897605B1 (en) 2012-02-24 2018-09-12 삼성전자 주식회사 Method and apparatus for securing integrity of mobile termninal
US9384367B2 (en) 2012-09-04 2016-07-05 Intel Corporation Measuring platform components with a single trusted platform module
US9600291B1 (en) 2013-03-14 2017-03-21 Altera Corporation Secure boot using a field programmable gate array (FPGA)
JP6067449B2 (en) 2013-03-26 2017-01-25 株式会社東芝 Information processing apparatus and information processing program
US9953166B2 (en) 2013-07-04 2018-04-24 Microsemi SoC Corporation Method for securely booting target processor in target system using a secure root of trust to verify a returned message authentication code recreated by the target processor
CN110287654B (en) 2013-07-23 2023-09-05 爱立信股份有限公司 Media client device authentication using hardware trust root
US9319380B2 (en) 2014-03-20 2016-04-19 Bitdefender IPR Management Ltd. Below-OS security solution for distributed network endpoints
US9842212B2 (en) 2014-11-03 2017-12-12 Rubicon Labs, Inc. System and method for a renewable secure boot
WO2016081867A1 (en) 2014-11-20 2016-05-26 Interdigital Patent Holdings, Inc. Providing security to computing systems
US9558354B2 (en) 2014-11-24 2017-01-31 Dell Products, Lp Method for generating and executing encrypted BIOS firmware and system therefor
US9509587B1 (en) * 2015-03-19 2016-11-29 Sprint Communications Company L.P. Hardware root of trust (HROT) for internet protocol (IP) communications
US9626512B1 (en) 2015-03-30 2017-04-18 Amazon Technologies, Inc. Validating using an offload device security component
US10083306B2 (en) 2015-06-26 2018-09-25 Intel Corporation Establishing hardware roots of trust for internet-of-things devices
US10027717B2 (en) 2015-06-26 2018-07-17 Mcafee, Llc Peer-to-peer group vigilance
DE102015217933B4 (en) 2015-09-18 2017-11-09 Siemens Aktiengesellschaft Device for processing data and method for operating such a device
US10038705B2 (en) 2015-10-12 2018-07-31 Dell Products, L.P. System and method for performing intrusion detection in an information handling system
EP3391274B1 (en) 2015-12-19 2019-10-02 Bitdefender IPR Management Ltd. Dual memory introspection for securing multiple network endpoints
US9940483B2 (en) 2016-01-25 2018-04-10 Raytheon Company Firmware security interface for field programmable gate arrays
KR101772314B1 (en) 2016-02-18 2017-09-12 한양대학교 에리카산학협력단 Internet of things device protection method and system using introspection
US10402566B2 (en) 2016-08-01 2019-09-03 The Aerospace Corporation High assurance configuration security processor (HACSP) for computing devices
US10680809B2 (en) 2016-08-04 2020-06-09 Macronix International Co., Ltd. Physical unclonable function for security key
US10474814B2 (en) 2016-09-28 2019-11-12 Intel Corporation System, apparatus and method for platform protection against cold boot attacks
US10715526B2 (en) 2016-12-14 2020-07-14 Microsoft Technology Licensing, Llc Multiple cores with hierarchy of trust
US20180255076A1 (en) * 2017-03-02 2018-09-06 ResponSight Pty Ltd System and Method for Cyber Security Threat Detection
US20180365425A1 (en) 2017-06-15 2018-12-20 Qualcomm Incorporated Systems and methods for securely booting a system on chip via a virtual collated internal memory pool
US10365840B2 (en) 2017-06-30 2019-07-30 The Boeing Company System and method for providing a secure airborne network-attached storage node
WO2019023289A1 (en) 2017-07-27 2019-01-31 Eland Blockchain Fintech Inc. Electronic transaction system and method using a blockchain to store transaction records
US10839080B2 (en) * 2017-09-01 2020-11-17 Microsoft Technology Licensing, Llc Hardware-enforced firmware security
US11562101B2 (en) 2017-11-13 2023-01-24 Intel Corporation On-device bitstream validation
US10572430B2 (en) 2018-10-11 2020-02-25 Intel Corporation Methods and apparatus for programming an integrated circuit using a configuration memory module

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080307488A1 (en) * 2002-10-16 2008-12-11 Innerwall, Inc. Systems And Methods For Enterprise Security With Collaborative Peer To Peer Architecture
US20090204964A1 (en) * 2007-10-12 2009-08-13 Foley Peter F Distributed trusted virtualization platform
US9251343B1 (en) * 2013-03-15 2016-02-02 Fireeye, Inc. Detecting bootkits resident on compromised computers

Also Published As

Publication number Publication date
US20200084229A1 (en) 2020-03-12
US11178159B2 (en) 2021-11-16
WO2020101770A2 (en) 2020-05-22

Similar Documents

Publication Publication Date Title
WO2020101770A3 (en) Cross-domain solution using network-connected hardware root-of-trust device
WO2017177077A3 (en) Method and system to detect discrepancy in infrastructure security configurations from translated security best practice configurations in heterogeneous environments
WO2015179849A3 (en) Network authentication system with dynamic key generation
EP4236587A3 (en) Multi-access data connection in a mobile network
WO2017039777A3 (en) Network architecture and security with encrypted client device contexts
AU2018337040A1 (en) Systems and methods for time-based one-time password management for a medical device
GB2567591A (en) Methods and systems for secure onboarding of devices over a wireless network
WO2016093724A8 (en) Systems and methods for automatic device detection, device management, and remote assistance
WO2006115677A3 (en) Approach for securely deploying network devices
WO2015157693A3 (en) System and method for an efficient authentication and key exchange protocol
EP4465560A3 (en) System and method for using a proxy to communicate between secure and unsecure devices
EP4425895A3 (en) Accessing a local data network via a mobile data connection
GB2573679A (en) Cloud security stack
HK1246991A1 (en) Provisioning network ports and virtual links
RU2018126780A (en) NETWORK SECURITY COMMUNICATION SYSTEM
EP4236384A3 (en) Vehicle control system
EP2860944A3 (en) Network appliance architecture for unified communication services
WO2007089503A3 (en) Systems and methods for multi-factor authentication
WO2015123611A3 (en) Systems and methods for providing network security using a secure digital device
HK1209929A1 (en) Systems and methods for supporting a snmp request over a cluster
WO2019018699A3 (en) Systems and methods for packet spreading data transmission with anonymized endpoints
EP4380227A3 (en) System and method for connection and hand-over management across networks and ssids
JP2021007233A (en) Device and related method for secure hearing device communication
EA201992874A1 (en) SYSTEMS AND METHODS FOR THE MANAGEMENT OF EPHEMERIC JOINTLY USED DATA SET AND PROTECTION OF TRANSMITTED DATA
GB2572723A (en) Methods and systems for connecting a wireless communications device to a deployable wireless communications network

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19880967

Country of ref document: EP

Kind code of ref document: A2